Patient Registrations

Supplier Name (IT Only)

Healthtech 1 gathers this information from the patient.

Contract End Date (If applicable, IT Only)

Contract Location (IT Only)

Cloud

Contract Start Date (IT Only)

November 1, 2021

Date IA issued (if applicable)

November 1, 2021

Date IA returned

Date of last audit

October 18, 2021

Do you receive it from someone outside your organisation or share it externally?

No, we recieve this directly from the patient.

Has there been a breach since last audit?

If breach since last audit, have all action items been completed?

Location

Azure Cloud in UK South Servers

Owner

Pete 🧪 twenty--twenty

Risks if there is a breach

Demographic and medical details can be associated with a patient that could be used to access other sources of information. Service users' highly personal records would be seen. This could cause upset to service users, reputational damage to the company, and breach data protection legislation. The company could be fined or other pernalties could be imposed.

Shared Externally? If so, is the Process Included on the ROPA?

Special Category Data?

Yes, Ethnicity and Sexual Orientation, for practice's population understanding.

What information is kept here, why?

Patient demographic and medical information is collected, stored and used in order to be able to register a patient for our customers, GP practices.

What security measures have been put into place

This is in our own secure systems. We store this data in a secure cloud built in a safe software architecture. We restrict access and controls to only those need access to this information. We adhere to national security guidance and Cyber Security Essentials. We have annual 3rd party assessments of our software.